This is the ongoing fairytale of securing financial institutions. So many banks in so little time. We should expect cyber attacks on financial institutions because it's just so much easier to pillage online than to coordinate a get-away car, guns and comfortable ski masks. Over the past year, exploits against banks have seriously upped the game: jackpotting ATMs, DDoS, messing with trusted messengers. The recent attacks on Polish banks initially went unnoticed. That's a mistake we can't afford to make, but the attackers are banking on it. When source code revealed that a much bigger player was involved, everyone jumped in. But that was days later. What are we missing because we choose to see what we expect, instead of what is really there? After last year's massive breaches, and some significant financial attacks, financial organizations need to be prepared. The attackers aren't just going after the money. They want the data too.